[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

[tor-bugs] #16450 [Tor Browser]: Tor browser removes Authorization header



#16450: Tor browser removes Authorization header
-------------------------+--------------------------
 Reporter:  justuser     |          Owner:  tbb-team
     Type:  defect       |         Status:  new
 Priority:  normal       |      Milestone:
Component:  Tor Browser  |        Version:
 Keywords:               |  Actual Points:
Parent ID:               |         Points:
-------------------------+--------------------------
 I couldn't use epayments.com from tor-browser.

 Their javascript making queries from https://my.epayments.com/ to
 https://api.epayments.com
 api.epayments.com send Access-Control-Allow-Origin:
 https://my.epayments.com allowing my.epayments.com to make cross domain
 request.

 Javascript on my.epayments.com adds Authorization: Basic some token while
 making request.
 But tor browser removes this header, breaking authorization process. I
 googled and found that this is for better privacy, but could you make this
 feature disableable?

--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/16450>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
_______________________________________________
tor-bugs mailing list
tor-bugs@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs